# MEForder can have either of two value 'refuse,accept' or 'accept,refuse' and 
# specifies the order in which the information in two associated directives,
# MEFaccept and MEFrefuse, are intepreted. The MEFaccept and MEFrefuse 
# directives are each used to spcifiy one or more IP numbers.

MEForder <%= @mef_order %>

# MEFrefuse can be 'all' OR a list of IP numbers and/or domain names of trusted
# proxy servers whose IP number can be derived by DNS from the domain name.
# The presence of 'all' overrides any particular IP numbers and means that no 
# proxy servers are to be trusted. Individual IP numbers mean that those proxy 
# servers having them are not to be trusted. This defaults to 'all'.

MEFrefuse <%= @mef_refuse.join(' ') %>

# MEFaccept can be 'all' OR a list of IP numbers and/or domain names of trusted 
# proxy servers whose IP number can be derived by DNS from the domain name.
# The presence of 'all' overrides any particular IP numbers and means that all 
# proxy servers are to be trusted.
# Individual IP numbers mean that those the proxy servers having them are to be 
# trusted. This defaults to an empty list of trusted IP numbers.

# MEFaccept 1.2.3.4  1.2.3.5 
MEFaccept <%= @mef_accept.join(' ') %>

# Normal mode of use is to say:
#
#   MEForder refuse,accept
#   MEFrefuse all
#   MEFaccept <space separated list of your trusted proxy servers' IP numbers>
#
# with the MEForder directive saying apply the MEFrefuse rule first then the 
# MEFaccept rule.
# The MEFrefuse rule says do not trust any proxy servers but this is selectively
# overridden for particular IP numbers listed by the MEFaccept directive.

# MEFaddenv can be 'off', 'on' (the default) or a string. 'off' means that when
# spoofing, do not add an environment variable whose value is the IP number of
# the connecting machine. 'on' means that when spoofing, add an environment 
# variable called 'MEF_RPROXY_ADDR' whose value is the IP number of the 
# connecting machine.
# A string means that when spoofing, add an environment variable named by the 
# string supplied whose value is the IP number of the connecting machine.

MEFaddenv <%= @mef_addenv %>

# MEFdebug can be 'on' or 'off' (the default). When turned 'on' information 
# about how the mod_extract_forwarded module is processing every request to your
# Apache 2 server, and any associated internal redirects or subsrequests, is 
# written to the server's error_log.
# The amount of output written and the way it is generated is such that you 
# would never normally want to turn this feature on.
# This feature is intended for debugging operation of the mod_extract_forwarded 
# module and it is unlikely you will want to do that.

MEFdebug <%= @mef_debug %>
